A golden rule of Operations Manager is not to store anything in the Default Management Pack. When creating overrides or new rules and monitors, the default management pack appears as the first option.

Therefore it is a recommended good practice to change the display name of ‘Default Management Pack’ to ‘DO NOT USE – Default Management Pack’ which adds an extra safeguard, making it less likely for users to store elements in the default management pack.

The following links list Security Event Details for Events that occur when a given Security Scenario occurs. This is useful for creating Security auditing style event-collection or alert-generating rules (or both):

This is a report that I see many customer’s getting a lot of use out of. Just download the samplereportslibrary.xml and import it like a normal management pack. Once the Sample Reports folder comes up and you see Server overview report, run it against the Agent Managed Computer Group, and change the ‘From’ parameter from ‘Today’ to ‘Yesterday’.

Subscriptions

It is important to note the difference between ‘Alerts’ and ‘Notifications’. Alerts are seen in the console. Notifications are items such as emails that users receive outside of the Operations console. Notifications are created based upon the configured subscriptions that map alerts to notifications. Very granular subscriptions can be created using the ‘Created by Specific Rules or Monitors’ options. These subscriptions can be created or added to, using the ‘Create’ and ‘Modify’ Subscription tasks that are available on the Actions Pane in the right-hand side of the console, when clicking on any alert in the monitoring space.

There is also an advantage of creating a ‘catch-all’ subscription (criteria = all alerts) and having those notifications go to a mailbox for that specific purpose (service account mailbox for example) . And then the mailbox can be reviewed for identifying alerts that are good candidates to add to the more important granular subscriptions with wider audiences.

Subscription Channel Format

The subject format can be modified by moving $Data/Context/DataItem/ResolutionStateName$ to the front of the subject line and getting rid of the words ‘Resolution State’ like so:

With this change, notification emails will appear as New Alert: Alert Name or Closed Alert: Alert Name.

A Synthetic Transaction is monitoring from the client perspective. For example, web sites are monitored using the IIS Management Pack and although a website shows as healthy from the IIS perspective, a client may not be able to get to it, due to a network issue. This is where synthetic transactions can be used. As part of creating Synthetic transaction monitors, it is possible to specify one or more watcher nodes, which is where the synthetic transaction is ran from.

In Operations Manager, we should not use groups for the purposes of targeting. Instead, we should always target rules and monitors at a singular object. For instance ‘All Windows Computers’ (which is a group) is not a valid target to use when creating a rule or monitor that you wish to become active on all Windows Computers. However the singular object ‘Windows Computer’ is an appropriate object that could be used in this scenario. The best-practice poster for targeting can be found here:

Hit the “New Query” button at the top left then just underneath that, change the dropdown where it says “master” to “OperationsManager”.

Then in the query window on the right hand side (where you should see a flashing cursor) type:

select * from localizedtext where elementname like ‘%workflowname%’

In the example provided, use:

select * from localizedtext where elementname like ‘%2005.reportingservicesdiscoveryrule.server%’

(note the % is a wildcard for any characters before or after the string. Also note the localized text table is just a place where we store display names that you see in the console.)

Then click the !Execute button or press F5 to execute the query.

In most cases, this returns 2 results.

One is the workflow name and one is the workflow’s description.

Scroll across to view the LTValue which will contain the ‘friendly name’ of the discovery name and description.

Once we have the LTValue for the discovery / rule / monitor name, we need to search for it in the console.

In the ops manager console, go to authoring>Management Pack Objects>Object Discoveries. (note – it can be a trial and error process to discover whether the workflow is a monitor, rule or an object discovery – in this case it is an object discovery. If it is a monitor or rule, you will need to click monitors or rules and search in those nodes)

Make sure the view is not scoped and in the look for box, type the friendly name of the rule, monitor or discovery and hit search.

The monitoring object will be returned and can be overridden to increase the timeout.

After overriding it, resolve the alert and then see if it reoccurs.

If there is still a problem after increasing the timeout, it may be necessary to investigate other reasons why that particular workflow may be failing, but knowing which monitor, rule or discovery is the root cause helps in this troubleshooting process.